NEW DELHI: Intercepting an adversary’s drone communications can be as valuable as shooting it down but only if the data can be exploited. In a first, the Indian Army opened its drone communication systems to civilian hackers and engineers to test the security of its next-generation communications.

Held in Bengaluru earlier this month, the experiment, termed “Crack the Uncrackable”, brought together teams from across the country, including engineers, data scientists and cybersecurity specialists, as part of a broader effort to tap civilian expertise for strengthening defence technologies.

Participants were given access to encrypted data from Army drone transmissions, along with a live drone and ground control setup where real-time interception attempts could be made.

The challenge had two parts. One involved analysing pre-recorded encrypted data, while the other required teams to attempt live interception of drone communications. 

Participants were not told what encryption was used and were expected to identify patterns or extract any useful information through analysis alone, mirroring real-world conditions where adversaries attempt to make sense of intercepted data without prior knowledge.

Despite sustained efforts using a range of approaches, including data analysis, signal profiling and machine learning techniques, no team could identify the encryption method or extract any meaningful information from the intercepted data.

“The output appeared like random data, with no visible patterns or markers to indicate how it was encoded. In effect, while the data could be intercepted, it could not be read or understood,” an Army official explained.

He added that the systems are part of a broader push towards “quantum-safe” encryption, meant to remain secure even against future quantum computers, which could challenge existing encryption standards as early as 2030.

The exercise also saw teams attempt more advanced approaches, including analysing transmission timing and data volumes and using machine learning (ML) models to detect hidden patterns. While these approaches did not reveal the encryption, they pointed to a different kind of vulnerability.

The Army acknowledged this as a future risk, with adversaries potentially focusing on traffic patterns rather than breaking encryption itself and said communication schedules would be made less predictable to mitigate it.

“The results have provided confidence that even if drone communications are intercepted, they would not easily yield useful information,” the official added.

The test was conducted by the Army’s 515 Army Base Workshop as part of a hackathon intended to secure drone-to-ground communications using indigenous quantum-safe technology. 

Globally, involving civilian experts to test such secure systems is not new. Agencies such as DARPA and the National Security Agency in the US, the UK’s Government Communications Headquarters, as well as Israel’s cyber ecosystem led by the Israel National Cyber Directorate, have used similar approaches, though largely focused on software and network systems.